Posts

Showing posts from April 2024

Brain

  Believed to be the first computer virus for MS-DOS, Brain was released in 1986 and infected the boot sector of storage media, primarily floppy disks, formatted with DOS File Allocation Table (FAT). The boot sector was moved to another sector and marked as bad. Meanwhile, text was written into the infected sectors, which, remarkably, included the virus authors’ names and telephone numbers.

Storm Worm

  Storm Worm exploited users’ thirst for sensational news headlines. In this case, the headline was “230 dead as storm batters Europe,” which accompanied a link to the “story.” When users clicked the link, instead of reading a news story, they downloaded a virus that then turned their computer into a bot that redistributed the email.

SQL Slammer

  SQL Slammer broke out on January 25, 2003, when it infected its first server. From there, the infection spread rapidly, infecting more than 70,000 computers after its release into the wild. This worm exploited a bug in Microsoft’s SQL Server as well as Desktop Engine database products. As it spread quickly, it severely slowed down worldwide internet traffic, which resulted in the collapse of important systems, and it caused panic and significant damage. What is remarkable is that the patch that could have prevented the spread of this infection was released 6 months prior to the incident itself. However, the companies that were affected simply ignored the recommendation to install it.

Tinba

  Tinba was first discovered in 2012. The name stands for the Tiny Banker Trojan. As a modified version of older Banker Trojans, it was developed to target the websites of financial institutions. The main goal was to collect clients’ information, such as PIN codes, usernames, account details, passwords, and credit card numbers. Tinba is based on network sniffing and man-in-the-browser attacks. It is indeed tiny, at 20 KB, and that is what made the Trojan difficult to detect.

CryptoLocker

  Ransomware has become hugely popular among hackers and cybercriminals for obvious reasons. By disrupting users’ systems, preventing access to data, or using social engineering to prey on their fears, criminals extract payment in return for removing the threat. CryptoLocker was one of the first examples. Released in September 2013, CryptoLocker spread via email attachments and encrypted files on infected computers, making them impossible to access. In order to restore access to their data, users had to pay a ransom, at which point the cybercriminals behind CryptoLocker would send a decryption key that could be used to decrypt the files. Some users reported that they were able to regain access by carrying out a System Restore or using data recovery software. Others said that when they had tried to recover files, they had lost them completely.

Stuxnet

  Remember we said in the introduction that the damage caused by viruses included damaging an entire country’s nuclear program? Well, that was Stuxnet. Believed to be a joint US/Israeli cyberweapon, though neither country has openly admitted responsibility, Stuxnet was first discovered in 2010. The purpose of the virus was said to be to interfere with Iran’s attempts to build a nuclear weapon. It was spread by a USB thumb drive and targeted software that controlled a uranium facility in Iran. According to a report published in the New York Times, the damage it caused was so great it made 1,000 centrifuges self-destruct. The Times reported that it was a ‘programming error’ that allowed Stuxnet to escape the facility in Iran and spread around the world on the internet. It was said to be part of a wider US effort, called Olympic Games, to disrupt Iran’s nuclear program.

Mydoom

  Until Mydoom came along, ILOVEYOU held the record for the fastest-spreading email worm ever. But that all changed in January 2004. And 15 years later, Mydoom, first spotted in that month, still holds the record. Mydoom was named by one of the first people to discover it, who noted that the code contained the word ‘mydom’ and, given that it was already apparent that it would spread quickly, felt that having ‘doom’ in the name was appropriate. Mydoom affected Windows computers and used a backdoor to take control of a PC and subvert Windows Explorer. It launched a distributed denial-of-service attack, which seemed to particularly target computers belonging to SCO.com, but it avoided hitting email addresses registered to some universities as well as those at Microsoft and Symantec. The text of the email used to spread the virus contained the rather cryptic message, “andy; I’m just doing my job, nothing personal, sorry.”

Morris Worm

  One of the first worms distributed over the internet, the Morris worm, named after its creator, Robert Morris, a graduate student at Cornell University, was released on November 2, 1988. Morris, now a professor at MIT, claimed the worm was intended to demonstrate security flaws in Unix systems. However, a coding error resulting from an attempt to prevent the worm from being easily disabled led to a massive denial-of-service attack, which was estimated to have infected 6,000 computers. This figure was arrived at by multiplying the number of computers that were estimated to be connected to the internet by 10%, the same way that the effects of the ILOVEYOU virus and several others were estimated. The US Government said the damage cost between $100,000 and $10,000,000, and the Morris worm resulted in the first conviction under the 1986 US Computer Fraud and Abuse Act.

ILOVEYOU

  The ILOVEYOU worm attacked tens of millions of computers running Windows from May 2000. It got its name from the subject line of the email to which it was attached, disguised as a text file. When the attachment was opened, it triggered a Visual Basic script that started to destroy files and sent a copy of itself to all the contacts in Windows’ Address Book. ILOVEYOU relied on flaws in Windows to allow it to hide the fact that it wasn’t, in fact, a text file but a Visual Basic script. But it also used social engineering, creating curiosity in the mind of the recipient, to persuade users to open the attachment. At the time, it was estimated that one in ten internet-connected computers had been affected, at a cost of $5-8 billion, with a further $15 billion in clean-up costs. The Pentagon, CIA, and UK Parliament shut down email systems to protect themselves. And the virus even inspired a song by the Pet Shop Boys that reflected on the human desires that allowed the virus t...

Conficker

  First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido, is a worm that targets Windows operating systems. It uses a variety of different malware techniques, including exploiting flaws in Windows and using dictionary attacks on administrator passwords to infect computers and propagate, forming a botnet. It infected millions of computers in 190 countries, including those on networks run by the French Navy, the UK Ministry of Defence, and the UK House of Commons. Among the symptoms of Conficker are user accounts being locked, local area networks being flooded with traffic, and websites that host antivirus software becoming inaccessible. Conficker was so troublesome that an industry group spearheaded by Microsoft and including ICANN and Verisign was formed to try and combat it.